US-based leading healthcare services provider, HCA Healthcare, suffered a data breach, potentially affecting tens of millions of patients as their data is now on sale online.
Patient records, including the name, city, state, zip code, telephone number, date of birth, gender, service date, location and next appointment date, are available for sale on an online forum. According to the healthcare company, the data was stolen from “an external storage location” used to automate emails.
According to the company, “approximately 27 million rows of data” that included information about 11 million patients was stolen.
HCA Healthcare, which operates 182 hospitals and over 2300 care sites in USA and UK, said that the data leaked doesn’t include clinical, payment or other sensitive information, including treatment, diagnosis, condition, password, driver’s license, social security number, credit card or account number.
The company maintains that they typically use the list of information leaked for email reminders for patients to schedule an appointment and inform them about healthcare programs.
The incident hasn’t disrupted the operations or services of the company’s hospitals and care sites, and it’s believed that this won’t affect the business or finances.
“While our investigation is ongoing, the company has not identified evidence of any malicious activity on HCA Healthcare networks or systems related to this incident,” HCA Healthcare said on Monday.
According to DataBreaches.net, the data went on sale last week after HCA Healthcare failed to meet the unspecified demands of the hacker, who said “that this was a hack, not a leak”, and the company were given till July 10 to meet the demands.
HCA Healthcare-affiliated hospitals or physician offices in the following areas are affected:
- Alaska
- California
- Colorado
- Florida
- Georgia
- Idaho
- Indiana
- Kansas
- Kentucky
- Louisiana
- Missouri
- Mississippi
- Nevada
- New Hampshire
- North Carolina
- South Carolina
- Tennessee
- Texas
- Utah
- Virginia
In the News: Revolut suffers $20 million theft due to payment system flaws